服务管理——DNS

一 DNS相关知识

什么是DNS服务器

DNS,即Domain Name System,域名系统(域名服务器),实现域名和IP地址之间的对应解析。例如将www.baidu.com 转换成某个IP地址,或者将某个IP反向映射成www.baidu.com。

这里有个小疑问,没有域名服务器是否可以正常上网?答案是当然可以。我们可以直接使用IP地址访问,只是输入域名时无法访问。根域是一个点(.),下面还有子域,比如熟知的com、net、cn、org;某个子域,比如com之下,又有163、baidu……,baidu下又有zhidao、wenku……。根域服务器,全球有13台,亚洲有一台在日本。DNS是怎么解析的呢?有两种方式,第一是递归查询:本级不知道就去问上一级,上一级查到后沿路返回;第二是迭代查询:上一级只告诉你下一步该问谁,由你自己继续查询。本机配置好的DNS服务器在公网上不会被认可,即不能在公网上提供解析,需要由上一级域授权管理才行。

 

sql

常用的DNS服务器

bind:最流行的DNS服务器(公司常用)

mydns:和数据库进行集成(域名提供商使用,方便用户注册),解析数据写到数据库里

 

下面我们讲解DNS的用法,包括DNS正解配置、DNS配置mail服务器、DNS——配置别名、DNS——通配符、DNS做负载均衡、DNS配置——反解、DNS转发、DNS主从服务器、子域授权、DNS高级视图、/etc/named.conf:41: open: /etc/named.acl.dx:file not found解决。

二 DNS配置——正解

 

#DNS配置——正解(域名转换成IP地址)
 
#Serv01:DNS服务器
#Serv02:测试用
 
      
--第一步,serv01安装bind
#安装bind
[root@serv01~]# yum install bind* -y
 
--第二步,修改配置文件named.conf
[root@serv01~]# /etc/named.conf
#查询
[root@serv01~]# rpm -qa|grep bind
[root@serv01~]# rpm -ql bind|less
      
#编辑文件
[root@serv01~]# vim /etc/named.conf
 
options {
          #监听端口 IP地址
          #listen-onport 53 { 127.0.0.1; };
#监听任何IP地址
listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
               #指定根目录
        directory       "/var/named";
               #对Cache进行备份
        dump-file      "/var/named/data/cache_dump.db";
               #静态文件
        statistics-file"/var/named/data/named_stats.txt";
               #内存静态文件
        memstatistics-file"/var/named/data/named_mem_stats.txt";
               #允许查询的IP地址
        #allow-query     { localhost; };
               #允许任何IP地址进行查询(实验环境用;生产环境中若同时开着recursion yes,就成了对外开放的递归服务器,应把allow-query限制为可信网段)
        allow-query     { any; };
               #默认递归查询
        recursion yes;
               #DNSSEC相关(对解析结果做签名验证)
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
 
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
       #根区域提示(hint),指向named.ca里的根域服务器列表
       zone "." IN {
        type hint;
        file "named.ca";
};
 
#区域文件
include"/etc/named.rfc1912.zones";
[root@serv01~]# ls /var/named/
chroot  data dynamic  named.ca  named.empty named.localhost named.loopback  slaves
 
 
#根域服务器的相关信息
[root@serv01~]# cat /var/named/named.ca
;<<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS .@a.root-servers.net
;; globaloptions:  printcmd
;; Gotanswer:
;;->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags:qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20
 
;; OPTPSEUDOSECTION:
; EDNS:version: 0, flags:; udp: 4096
;;QUESTION SECTION:
;.                          IN    NS
 
;; ANSWERSECTION:
.                    518400  IN    NS   M.ROOT-SERVERS.NET.
.                    518400  IN    NS   A.ROOT-SERVERS.NET.
.                    518400  IN    NS   B.ROOT-SERVERS.NET.
.                    518400  IN    NS   C.ROOT-SERVERS.NET.
.                    518400  IN    NS   D.ROOT-SERVERS.NET.
.                    518400  IN    NS   E.ROOT-SERVERS.NET.
.                    518400  IN    NS   F.ROOT-SERVERS.NET.
.                    518400  IN    NS   G.ROOT-SERVERS.NET.
.                    518400  IN    NS   H.ROOT-SERVERS.NET.
.                    518400  IN    NS   I.ROOT-SERVERS.NET.
.                    518400  IN    NS   J.ROOT-SERVERS.NET.
.                    518400  IN    NS   K.ROOT-SERVERS.NET.
.                    518400  IN    NS   L.ROOT-SERVERS.NET.
 
;;ADDITIONAL SECTION:
#13台根域服务器
A.ROOT-SERVERS.NET.      3600000       IN    A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000       IN    AAAA     2001:503:ba3e::2:30
B.ROOT-SERVERS.NET.      3600000       IN    A     192.228.79.201
C.ROOT-SERVERS.NET.      3600000       IN    A     192.33.4.12
D.ROOT-SERVERS.NET.     3600000       IN    A     128.8.10.90
E.ROOT-SERVERS.NET.      3600000       IN    A     192.203.230.10
F.ROOT-SERVERS.NET.       3600000       IN    A     192.5.5.241
F.ROOT-SERVERS.NET.       3600000       IN    AAAA     2001:500:2f::f
G.ROOT-SERVERS.NET.     3600000       IN    A     192.112.36.4
H.ROOT-SERVERS.NET.     3600000       IN    A     128.63.2.53
H.ROOT-SERVERS.NET.     3600000       IN    AAAA     2001:500:1::803f:235
I.ROOT-SERVERS.NET.       3600000       IN    A     192.36.148.17
J.ROOT-SERVERS.NET.       3600000       IN    A     192.58.128.30
J.ROOT-SERVERS.NET.       3600000       IN    AAAA     2001:503:c27::2:30
K.ROOT-SERVERS.NET.      3600000       IN    A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000       IN    AAAA     2001:7fd::1
L.ROOT-SERVERS.NET.      3600000       IN    A     199.7.83.42
M.ROOT-SERVERS.NET.    3600000       IN    A     202.12.27.33
M.ROOT-SERVERS.NET.    3600000       IN    AAAA     2001:dc3::35
 
;; Querytime: 147 msec
;;SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN:Mon Feb 18 13:29:18 2008
;; MSGSIZE  rcvd: 615
 
#本地域名的解析
[root@larrywen0808]# ping localhost.localdomain
PINGlocalhost (127.0.0.1) 56(84) bytes of data.
64 bytesfrom localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.024 ms
64 bytesfrom localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.026 ms
64 bytesfrom localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.025 ms
64 bytesfrom localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.027 ms
64 bytesfrom localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.026 ms
64 bytesfrom localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.026 ms
^C
---localhost ping statistics ---
6 packetstransmitted, 6 received, 0% packet loss, time 5624ms
rttmin/avg/max/mdev = 0.024/0.025/0.027/0.005 ms
 
--第三步,修改配置文件named.rfc1912.zones
[root@serv01~]# tail -n5 /etc/named.rfc1912.zones
zone"hongyi.com" IN {
       typemaster;
       #域名和IP地址的对应关系的存放文件
       file"hongyi.com.zone";
       #不允许更新
       allow-update{none;};
};
 
#加-a参数保持文件属性一致(所属组要是named,否则named进程读不到区域文件)
[root@serv01named]# cp named.localhost hongyi.com.zone -a
[root@serv01named]# ll named.localhost hongyi.com.zone
-rw-r-----.1 root named 152 Jun 21  2007hongyi.com.zone
-rw-r-----.1 root named 152 Jun 21  2007 named.localhost
 
--第四步,拷贝文件,修改hongyi.com.zone文件
$TTL 1D
#注意域名后面有点(完整域名以.结尾,否则会被自动追加区域名)
@    IN SOA dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H )       ; minimum
       #和前面的DNS保持一致
       NS   dns.hongyi.com.
dns  IN A       192.168.1.11
www      IN A       192.168.1.88
 
#文件配置项解析
[root@serv01~]# cat /var/named/named.localhost
$TTL 1D
#@:代表本区域的域名,这里是 hongyi.com
#rname.invalid:出了问题时发送通知的管理员邮件地址
@    IN SOA   @rname.invalid. (
                                   #序列号:主从同步时用来判断是否需要更新,相当于版本号,每次修改文件后都要增大
0         ;serial
#从服务器更新刷新的时间
                                   1D   ; refresh
                                   #没有刷新成功,重试时间
                                   1H   ; retry
                                   #如果还没成功,失效的时间
                                   1W  ; expire
                                   #有效时间:三个小时
                                   3H)       ; minimum
       #和前面保持一致
       NS   @
       A     127.0.0.1
       AAAA     ::1
 
#最终配置结果
 
 
#/etc/named.conf配置文件
options {
        listen-on port 53 { any; };
       listen-on-v6 port 53 { ::1; };
       directory       "/var/named";
       dump-file      "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
       recursion yes;
 
       dnssec-enable yes;
       dnssec-validation yes;
       dnssec-lookaside auto;
 
       /* Path to ISC DLV key */
       bindkeys-file "/etc/named.iscdlv.key";
};
 
#/etc/named.rfc1912.zones配置
zone "hongyi.com" IN {
       type master;
        file "hongyi.com.zone";
       allow-update {none;};
};
 
#/var/named/hongyi.com.zone 配置
$TTL 1D
#注意后面有点
@    INSOA dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       #和前面的DNS保持一致
       NS   dns.hongyi.com.
dns  INA       192.168.1.11
www      INA       192.168.1.88
 
--第五步,重启服务
[root@serv01 named]# /etc/init.d/named restart
Stopping named:                                           [  OK  ]
Starting named:                                           [  OK  ]
 
--第六步,使用dig测试,查看是否配置成功
[root@serv01 named]# dig www.hongyi.com
 
; <<>> DiG9.7.3-RedHat-9.7.3-2.el6 <<>> www.hongyi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 61132
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1,AUTHORITY: 1, ADDITIONAL: 1
 
;; QUESTION SECTION:
;www.hongyi.com.                   IN    A
 
;; ANSWER SECTION:
www.hongyi.com.             86400    IN    A     192.168.1.88
 
;; AUTHORITY SECTION:
hongyi.com.        86400    IN    NS   dns.hongyi.com.
 
;; ADDITIONAL SECTION:
dns.hongyi.com.         86400    IN    A     192.168.1.11
 
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug  8 18:40:12 2013
;; MSG SIZE rcvd: 82
 
#查看简短的信息
[root@serv01 named]# dig www.hongyi.com+short
192.168.1.88
 
--第七步,serv01能ping通域名
#此时还不能解析域名,因为/etc/resolv.conf里还没有指向本机的DNS服务器
[root@serv01 named]# ping www.hongyi.com
ping: unknown host www.hongyi.com
#不能ping通
[root@serv01 named]# ping dns.hongyi.com
ping: unknown host dns.hongyi.com
 
#在resolv.conf文件中加入nameserver
[root@serv01 ~]# vim /etc/resolv.conf
[root@serv01 ~]# cat /etc/resolv.conf
nameserver 192.168.1.11
#现在域名已能解析出对应的IP地址(192.168.1.88这台主机不在线,所以ping不通,但解析已经成功)
[root@serv01 ~]# ping www.hongyi.com
PING www.hongyi.com (192.168.1.88) 56(84)bytes of data.
^C
--- www.hongyi.com ping statistics ---
2 packets transmitted, 0 received, 100%packet loss, time 1161ms
 
#可以ping通dns服务器
[root@serv01 ~]# ping dns.hongyi.com
PING dns.hongyi.com (192.168.1.11) 56(84)bytes of data.
64 bytes from 192.168.1.11: icmp_seq=1 ttl=64time=0.020 ms
64 bytes from 192.168.1.11: icmp_seq=2 ttl=64time=0.071 ms
64 bytes from 192.168.1.11: icmp_seq=3 ttl=64time=0.039 ms
64 bytes from 192.168.1.11: icmp_seq=4 ttl=64time=0.041 ms
^C
--- dns.hongyi.com ping statistics ---
4 packets transmitted, 4 received, 0% packetloss, time 3316ms
rtt min/avg/max/mdev = 0.020/0.042/0.071/0.019ms
 
--第八步,server02测试
[root@serv02 ~]# echo "nameserver 192.168.1.11" > /etc/resolv.conf
[root@serv02 ~]# cat /etc/resolv.conf
nameserver 192.168.1.11
[root@serv02 ~]# yum install bind-utils -y
[root@serv02 ~]# dig www.hongyi.com +short
192.168.1.88
[root@serv02 ~]# nslookup www.hongyi.com
Server:          192.168.1.11
Address:       192.168.1.11#53
 
Name:   www.hongyi.com
Address: 192.168.1.88
 
--第九步,增加其他的解析
[root@serv01 named]# vim/var/named/hongyi.com.zone
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                           [  OK  ]
[root@serv01 named]# cat/var/named/hongyi.com.zone
$TTL 1D
@    INSOA dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hongyi.com.
dns  INA       192.168.1.11
www      INA       192.168.1.88
ftp   INA       192.168.1.89
#或者写成完整域名(FQDN,结尾带点)
ftp.hongyi.com.   IN A       192.168.1.89
hongyi.com.  IN MX 5 mail
mail   IN A      192.168.1.90
[root@serv01 named]# dig ftp.hongyi.com+short
192.168.1.89


三 DNS——配置mail服务器

--第一步,修改配置文件hongyi.com.zone
[root@serv01 named]# vim hongyi.com.zone
[root@serv01 named]# cat hongyi.com.zone
$TTL 1D
@    INSOA dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hongyi.com.
dns  INA       192.168.1.11
#第一种配置,指定全名
hongyi.com. INMX 5 mail
mail   IN A      192.168.1.90
 
--第二步,重启服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                          [  OK  ]
Starting named:                                           [  OK  ]
 
--第三步,检测是否配置成功
[root@serv01 named]# dig -t mx hongyi.com.+short
5 mail.hongyi.com.
 
--第四步,查看第二种配置
[root@serv01 named]# cat hongyi.com.zone
$TTL 1D
@    IN SOAdns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hongyi.com.
#所有者留空,沿用上一条记录的名字(即@,区域本身)
       INMX 5 mail.hongyi.com.
mail.hongyi.com.    IN A      192.168.1.90
[root@serv01 named]# dig -t mx hongyi.com.+short
5 mail.hongyi.com.

四 DNS——配置别名

--第一步,修改配置文件
[root@serv01 named]# cat hongyi.com.zone 
$TTL 1D
@	IN SOA dns.hongyi.com. root.hongyi.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns.hongyi.com.
	IN MX 5 mail.hongyi.com.
dns	IN A	192.168.1.11
www	IN A	192.168.1.88
ftp	IN A	192.168.1.89
mail.hongyi.com.    IN A	192.168.1.90
smtp	IN	CNAME	mail.hongyi.com.
pop3	IN	CNAME	mail.hongyi.com.
--第二步,重启服务
[root@serv01 named]# /etc/init.d/named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
--第三步,测试
[root@serv01 named]# dig -t mx hongyi.com. +short
5 mail.hongyi.com.
[root@serv01 named]# dig pop3.hongyi.com +short
mail.hongyi.com.
192.168.1.90
[root@serv01 named]# dig smtp.hongyi.com +short
mail.hongyi.com.
192.168.1.90

五 DNS——通配符

#通配符(已经单独配置的记录不受影响)
--第一步,修改配置文件
[root@serv01 named]# vim hongyi.com.zone
[root@serv01 named]# cat hongyi.com.zone
$TTL 1D
@    INSOA dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hongyi.com.
dns  INA       192.168.1.11
*     INA      192.168.1.88
--第二步,重启服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                          [  OK  ]
Starting named:                                           [  OK  ]
 
--第三步,测试。只要是没有在区域文件里单独配置的域名,都会被解析成192.168.1.88
192.168.1.88
[root@serv01 named]# dig mail.hongyi.com+short
192.168.1.88
[root@serv01 named]# dig xxxx.hongyi.com+short
192.168.1.88
#这样查不出IP(通配符不匹配区域顶点hongyi.com本身)
[root@serv01 named]# dig hongyi.com +short
[root@serv01 named]#
#把hongyi.com.加上
[root@serv01 named]# vim hongyi.com.zone
[root@serv01 named]# cat hongyi.com.zone
$TTL 1D
@    INSOA dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hongyi.com.
dns  INA       192.168.1.11
hongyi.com. IN A 192.168.1.88
*     INA      192.168.1.88
#重启服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                           [  OK  ]
#可以正常匹配出IP
[root@serv01 named]# dig hongyi.com +short
192.168.1.88
 
[root@serv01 named]# vim hongyi.com.zone
[root@serv01 named]# cat hongyi.com.zone
$TTL 1D
@    INSOA dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hongyi.com.
       INMX 5 mail.hongyi.com.
mail.hongyi.com IN A 192.168.0.90
dns  INA       192.168.1.11
hongyi.com. IN A 192.168.1.88
*     INA      192.168.1.88
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                            [ OK  ]
[root@serv01 named]# dig -t mx hongyi.com.+short
5 mail.hongyi.com.
[root@serv01 named]# dig mail.hongyi.com.+short
192.168.1.88
#注意:上面区域文件里的mail.hongyi.com没有结尾的点,会被当作mail.hongyi.com.hongyi.com,所以查询mail.hongyi.com.时命中的是通配符记录,返回192.168.1.88而不是192.168.0.90
 
#通过/etc/hosts解析,只对本机有效,不会再去DNS查询
[root@serv01 named]# ping -c 2www.larrywen.com
PING www.larrywen.com (192.168.1.11) 56(84)bytes of data.
64 bytes from www.larrywen.com(192.168.1.11): icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from www.larrywen.com(192.168.1.11): icmp_seq=2 ttl=64 time=0.039 ms
 
--- www.larrywen.com ping statistics ---
2 packets transmitted, 2 received, 0% packetloss, time 999ms
rtt min/avg/max/mdev =0.023/0.031/0.039/0.008 ms
 
[root@serv01 named]# vim /etc/hosts
[root@serv01 named]# tail -n1 /etc/hosts
192.168.1.11 www.larrywen.com


六 DNS做负载均衡

 

#一个域名解析成多个IP地址
--第一步,修改配置文件
[root@serv01 named]# vim hongyi.com.zone
[root@serv01 named]# cat hongyi.com.zone
$TTL 1D
@    INSOA dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hongyi.com.
dns  INA       192.168.1.11
www      INA       192.168.1.88
www      INA       192.168.1.188
--第二步,启动服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                           [  OK  ]
 
--第三步,测试
[root@serv01 named]# dig www.hongyi.com+short
192.168.1.88
192.168.1.188
 
#不建议这样使用,因为会出现Session不一致的问题

七 DNS配置——反解

反解:把IP地址解析成域名,比如把192.168.1.88解析成www.hongyi.com。反解在邮件服务器上用得较多。

--第一步,修改配置文件named.conf,和正解保持不变
[root@serv01 named]# cat /etc/named.conf
#搭建DNS——正解 反解都配置
 
options {
       listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       allow-query     { any; };
       recursionyes;
 
       dnssec-enableyes;
       dnssec-validationyes;
       dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
 
--第二步,修改配置文件/etc/named.rfc1912.zones
[root@serv01 named]# vim/etc/named.rfc1912.zones
[root@serv01 named]# tail -n5/etc/named.rfc1912.zones
zone "1.168.192.in-addr.arpa" IN {
       type master;
       file "hongyi.com.rev";
        allow-update { none; };
};
 
[root@serv01 named]# tail -n5/etc/named.rfc1912.zones
zone "1.168.192.in-addr.arpa" IN {
       type master;
       file "hongyi.com.rev";
        allow-update { none;};
};
 
 
--第三步,拷贝模板文件,并修改
--#记住一定要有-a或者-p参数,保持属性不变
[root@serv01 named]# cp named.localhosthongyi.com.rev -a
[root@serv01 named]# ll hongyi.com.revhongyi.com.zone named.localhost
-rw-r-----. 1 root named212 Aug  8 21:52 hongyi.com.rev
-rw-r-----. 1 root named203 Aug  8 21:47 hongyi.com.zone
-rw-r-----. 1 root named152 Jun 21  2007 named.localhost
 
#如果组不是named,使用chgrp改变文件所属组
[root@serv01 named]# chgrp namedhongyi.com.rev
[root@serv03 named]# cat hongyi.com.rev
$TTL 1D
@    INSOA   dns.hongyi.com. root.hongyi.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hongyi.com.
11   IN    PTR dns.hongyi.com.
88   IN    PTR www.hongyi.com.
--第四步,重启服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                           [  OK  ]
 
--第五步,dig命令检查
[root@serv01 named]# dig -x 192.168.1.88+short
www.hongyi.com.

八 DNS转发

DNS转发网络拓扑结构图,如图一:

 

图一 DNS转发网络拓扑结构图

serv01配置

--第一步,查看本机IP,通过yum源安装bind
[root@serv01 named]# yum install bind* -y
--第二步,修改named.conf文件,修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
options {
       listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       allow-query     { any; };
       forwarders   {192.168.1.12;};
       recursionyes;
 
       #dnssec-enableyes;
       #dnssec-validationyes;
       #dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
 
[root@serv01 named]# tail -n5/etc/named.rfc1912.zones
zone "justdb.com" IN {
       typemaster;
       file"justdb.com.zone";
       allow-update{ none; };
};
--第三步,拷贝文件,注意加上-a或者-p参数
[root@serv01 named]# cp named.localhostjustdb.com.zone -a
--第四步,编辑justdb.com.zone文件
[root@serv01 named]# cat justdb.com.zone
$TTL 1D
@    INSOA   dns.justdb.com. root.justdb.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.justdb.com.
dns  IN    A     192.168.1.11
www      IN    A     192.168.1.66
 
[root@serv01 named]# ifconfig eth0
eth0     Link encap:Ethernet  HWaddr00:0C:29:07:DD:3B 
         inet addr:192.168.1.11 Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
         RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
         TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:257429 (251.3 KiB)  TXbytes:252898 (246.9 KiB)
 
--第五步,重启服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                           [  OK  ]
--第六步,测试本机
[root@serv01 named]# dig www.justdb.com+short
192.168.1.66

serv02配置

--第一步,查看本机IP,通过yum源安装bind
[root@serv02 named]# ifconfig eth0
eth0     Link encap:Ethernet  HWaddr00:0C:29:6A:EC:97 
         inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
          RX packets:2943 errors:0 dropped:0overruns:0 frame:0
         TX packets:1728 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:265863 (259.6 KiB)  TXbytes:279067 (272.5 KiB)
 
[root@serv01 named]# yum install bind* -y
--第二步,修改named.conf文件,修改如下
root@serv02 named]# vim /etc/named.conf
[root@serv02 named]# cat /etc/named.conf
options {
       listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       allow-query     { any; };
       recursionyes;
 
       dnssec-enableyes;
       dnssec-validationyes;
       dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
[root@serv02 named]# tail -n6/etc/named.rfc1912.zones
zone "larrywen.com" IN {
       type master;
       file "larrywen.com.zone";
       allow-update { none; };
};
--第三步,拷贝文件,注意加上-a或者-p参数
[root@serv02 named]# cp named.localhostlarrywen.com.zone -a
--第四步,编辑larrywen.com.zone文件
[root@serv02 named]# cat larrywen.com.zone
$TTL 1D
@    INSOA dns.larrywen.com. root.larrywen.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.larrywen.com.
dns  IN    A     192.168.1.12
www      IN    A     192.168.1.88
--第五步,重启服务
[root@serv02 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                            [  OK  ]
--第六步,测试本机
[root@serv02 named]# dig www.larrywen.com+short
192.168.1.88

serv03 测试机配置

--第一步,安装bind-util
[root@serv03 ~]# yum install bind-util* -y
--第二步,配置默认的dns
[root@serv03 ~]# cat /etc/resolv.conf
nameserver 192.168.1.11
--第三步,测试www.justdb.com
[root@serv03 ~]# dig www.justdb.com +short
192.168.1.66
--第四步,测试www.larrywen.com
[root@serv03 ~]# dig www.larrywen.com +short
192.168.1.88


九 DNS主从服务器

从服务器自动从主服务器同步数据

 

#serv01:主服务器 IP:192.168.1.11

#serv02:从服务器,主服务器发生变化,从服务器更新 IP 192.168.1.12

#serv03:测试机 IP:192.168.1.13

 

网络拓扑结构图如图二:


 图二 DNS主从服务器网络拓扑结构图

server01配置

--第一步,查看本机IP,通过yum源安装bind
[root@serv01 named]# ifconfig eth0
eth0     Link encap:Ethernet  HWaddr00:0C:29:07:DD:3B 
         inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
         RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
         TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
         RX bytes:257429 (251.3 KiB)  TXbytes:252898 (246.9 KiB)
 
[root@serv01 named]# yum install bind* -y
--第二步,修改named.conf文件,修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
options {
      -- listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       --allow-query     { any; };
       recursionyes;
 
       dnssec-enableyes;
       dnssec-validationyes;
       dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
 
[root@serv01 named]# tail -n7/etc/named.rfc1912.zones
zone "justdb.com" IN {
       type master;
       file "justdb.com.zone";
     --  allow-transfer {192.168.1.12;};
       notify yes;
       also-notify { 192.168.1.12;};
};
 
--第三步,拷贝文件,注意加上-a或者-p参数
[root@serv01 named]# cp named.localhostjustdb.com.zone -a
--第四步,编辑justdb.com.zone文件
[root@serv01 named]# cat justdb.com.zone
$TTL 1D
@    INSOA   dns.justdb.com. root.justdb.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.justdb.com.
dns  IN    A     192.168.1.11
www      IN    A     192.168.1.66
 
--第五步,重启服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                           [  OK  ]


server02配置

--第一步,查看本机IP,通过yum源安装bind
[root@serv02 slaves]# ifconfig eth0
eth0     Link encap:Ethernet  HWaddr00:0C:29:6A:EC:97 
         inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
         RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
         TX packets:908 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:133206 (130.0 KiB)  TXbytes:148913 (145.4 KiB)
 
[root@serv01 named]# yum install bind* -y
--第二步,修改named.conf文件,修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
options {
       --listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
      -- allow-query     { any; };
       recursionyes;
 
       dnssec-enableyes;
       dnssec-validationyes;
       dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
--第三步,修改named.rfc1912.zones 文件,修改如下
[root@serv02 slaves]# tail -n5/etc/named.rfc1912.zones
zone "justdb.com" IN {
       type slave;
       file "slaves/justdb.com.zone";
       masters {192.168.1.11;};
};
 
--第四步,重启服务
[root@serv02 slaves]# /etc/init.d/namedrestart
Stopping named:                                           [  OK  ]
Starting named:                                           [  OK  ]
--第五步,进入slaves目录,发现自动生成了文件
[root@serv02 named]# cd slaves/
[root@serv02 slaves]# ll
total 0
 
[root@serv02 slaves]# ll
total 4
-rw-r--r—. 1 named named 330 Aug  8 23:43 justdb.com.zone
[root@serv02 slaves]# cat justdb.com.zone
$ORIGIN .
$TTL 86400  ;1 day
justdb.com          INSOA   dns.justdb.com. root.justdb.com. (
                            0          ; serial
                            86400      ; refresh (1 day)
                            3600       ; retry (1 hour)
                            604800     ; expire (1 week)
                            10800      ; minimum (3 hours)
                            )
                     NS   dns.justdb.com.
$ORIGIN justdb.com.
dns                A     192.168.1.11
www                    A     192.168.1.66

测试

--第一步,server01加入新的地址,重启服务
[root@serv01 named]# vim justdb.com.zone
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                            [  OK  ]
[root@serv01 named]# cat justdb.com.zone
$TTL 1D
@    INSOA   dns.justdb.com. root.justdb.com. (
                                  -- #注意把serial改成1,不要和以前的保持一致
                                  -- 1     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.justdb.com.
dns  IN    A     192.168.1.11
www      IN    A     192.168.1.66
ftp   IN    A     192.168.1.88
--第二步,server02查看文件,发现更新成功
[root@serv02 slaves]# cat justdb.com.zone
$ORIGIN .
$TTL 86400  ;1 day
justdb.com          INSOA   dns.justdb.com. root.justdb.com. (
                            1          ; serial
                            86400      ; refresh (1 day)
                            3600       ; retry (1 hour)
                            604800     ; expire (1 week)
                            10800      ; minimum (3 hours)
                            )
                     NS   dns.justdb.com.
$ORIGIN justdb.com.
dns                A     192.168.1.11
--ftp                 A     192.168.1.88
www                    A     192.168.1.66
 
--#序列号只能改大,不能改小
#删除后也可以同步

server03配置

可以使用dig测试双方同步的数据是否一致

 

十 子域授权

子级DNS服务器(子域授权)

#serv01

justdb.com 192.168.1.11

web.justdb.com

web.hb.justdb.com

 

web.xn.justdb.com 192.168.1.12

 

#客户端192.168.1.13

#nameserver配置成192.168.1.11

 

#DNS转发:域名之间无关系

#子域授权:域名之间有上下级关系

 

网络拓扑结构图如图三:


图三 DNS子域授权网络拓扑结构图

 

serv01配置

--第一步,查看本机IP,通过yum源安装bind
[root@serv01 named]# ifconfig eth0
eth0     Link encap:Ethernet  HWaddr00:0C:29:07:DD:3B 
         inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
         RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
         TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
         RX bytes:257429 (251.3 KiB)  TXbytes:252898 (246.9 KiB)
 
[root@serv01 named]# yum install bind* -y>/dev/null 2>&1
--第二步,修改named.conf文件,修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
options {
       --listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
      -- allow-query     { any; };<
       recursionyes;
 
       --#dnssec-enable yes;
       #dnssec-validationyes;
       #dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
 
[root@serv01 named]# tail -n7/etc/named.rfc1912.zones
zone "justdb.com" IN {
       type master;
       file "justdb.com.zone";
       allow-update { none; };
};
zone "hb.justdb.com" IN {
       type master;
       file "hb.justdb.com.zone";
        allow-update { none; };
};
 
--第三步,拷贝文件,注意加上-a或者-p参数
[root@serv01 named]# cp named.localhostjustdb.com.zone -av
[root@serv01 named]# cp named.localhosthb.justdb.com.zone -av
--第四步,编辑justdb.com.zone和hb.justdb.com.zone文件
[root@serv01 named]# cat justdb.com.zone
$TTL 1D
@    INSOA   dns.justdb.com. root.justdb.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.justdb.com.
dns  IN    A     192.168.1.11
web IN   A     192.168.1.88
 
[root@serv01 named]# cat hb.justdb.com.zone
$TTL 1D
@    INSOA   dns.hb.justdb.com.root.hb.justdb.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.hb.justdb.com.
dns  IN    A     192.168.1.11
web       IN    A     192.168.1.89
 
--第五步,重启服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                           [  OK  ]

serv02配置

--第一步,查看本机IP,通过yum源安装bind
[root@serv02 slaves]# ifconfig eth0
eth0     Link encap:Ethernet  HWaddr00:0C:29:6A:EC:97 
         inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
         RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
         TX packets:908 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:133206 (130.0 KiB)  TXbytes:148913 (145.4 KiB)
 
[root@serv01 named]# yum install bind* -y>/dev/null 2>&1
--第二步,在serv02上修改named.conf文件(下面的提示符应为serv02),修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
options {
      -- listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       --allow-query     { any; };
       recursionyes;
 
       dnssec-enableyes;
       dnssec-validationyes;
       dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
--第三步,修改named.rfc1912.zones 文件,修改如下
[root@serv02 named]# tail -n5/etc/named.rfc1912.zones
zone "xn.justdb.com" IN {
       typemaster;
       file"xn.justdb.com.zone";
       allow-update{ none;};
};
 
--第四步,重启服务
[root@serv02 slaves]# /etc/init.d/namedrestart
Stopping named:                                           [  OK  ]
Starting named:                                           [  OK  ]

实现功能

--第一步,serv01修改配置文件。添加如下两行
[root@serv01 named]# cat justdb.com.zone
$TTL 1D
; NOTE(review): the MNAME "dns.justdb.com" below has no trailing dot, so it is
; expanded relative to the zone origin as dns.justdb.com.justdb.com.; the
; earlier copy of this file used the fully-qualified form "dns.justdb.com.".
; The serial is still 0 after this edit; secondary servers (if any) only pick
; up changes when the serial increases.
@    INSOA   dns.justdb.com root.justdb.com. (
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.justdb.com.
dns  IN    A     192.168.1.11
web       IN    A     192.168.1.88
; Delegation of xn.justdb.com to serv02: the NS record hands the subdomain off,
; and the A record for dns.xn.justdb.com. is the glue that lets resolvers reach
; the child server without a circular lookup. The leading "--" is the author's
; highlight marker, not zone-file syntax.
--xn.justdb.com.     IN    NS   dns.xn.justdb.com.
dns.xn.justdb.com.     IN    A     192.168.1.12
 
--第二步,serv03安装bind-util
[root@serv03 ~]# yum install bind-util* -y> /dev/null 2>&1
 
--第三步,serv03修改resolv配置文件
[root@serv03 ~]# echo "nameserver192.168.1.11" > /etc/resolv.conf
[root@serv03 ~]# cat /etc/resolv.conf
nameserver 192.168.1.11
 
--第四步,进行测试
[root@serv03 ~]# dig web.justdb.com +short
192.168.1.88
[root@serv03 ~]# dig web.hb.justdb.com +short
192.168.1.89
[root@serv03 ~]# dig web.xn.justdb.com +short
192.168.1.90

十一 DNS高级视图

 

应用场景:不同的IP访问相同的域名,转到各自运营商的服务器

      

网络拓扑结构图如图四


图四 DNS高级视图网络拓扑结构图

      

serv01配置

--第一步,IP地址配置如下
[root@serv01 ~]# ifconfig eth0|grep"inet addr"
inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0
[root@serv01 ~]# ifconfig eth1|grep"inet addr"
 inet addr:172.16.1.11  Bcast:172.16.1.255  Mask:255.255.255.0
 
[root@serv01 ~]# ifconfig |grep -A 1 eth
eth0     Link encap:Ethernet  HWaddr00:0C:29:07:DD:3B 
         inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
--
eth1     Link encap:Ethernet  HWaddr00:0C:29:07:DD:45 
         inet addr:172.16.1.11 Bcast:172.16.1.255 Mask:255.255.255.0
      
[root@serv02 ~]# man named.conf
--第二步,安装bind
[root@serv01 named]# yum install bind* -y
  [root@serv01 named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package toconfigure the ISC BIND named(8) DNS
// server as a caching only nameserver (as alocalhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ forexample named configuration files.
//
 
options {
       listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       # allow-query { any; } plus "recursion yes" makes this an open recursive
       # resolver. In this view setup the acl/match-clients below limit which
       # clients see each view, but any client not matched by a view is simply
       # refused, so also restrict recursion with allow-recursion { ...; }; when
       # the server is reachable from untrusted networks.
       allow-query     { any; };
       recursionyes;
 
       dnssec-enableyes;
       dnssec-validationyes;
       # dnssec-lookaside relies on the ISC DLV registry, which has since been
       # retired; newer BIND 9 releases no longer accept this option, so on a
       # current system drop this line (dnssec-validation alone is sufficient).
       dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
 
logging {
       channel default_debug {
                file"data/named.run";
                severity dynamic;
       };
};
 
#注释或者删除以下几行内容
#zone "." IN {
#     typehint;
#     file"named.ca";
#};
 
#如果这几行存在,重启服务会报如下错误:
Error in named configuration:
/etc/named.conf:35: when using 'view'statements, all zones must be in views
                                                          [FAILED]
 
 
#注释此行
#include"/etc/named.rfc1912.zones";
 
acl dx {
       192.168.1.10;
       192.168.1.11;
       192.168.1.12;
       192.168.1.13;
       192.168.1.14;
};
 
acl wt {
       172.16.1.10;
       172.16.1.11;
       172.16.1.12;
       172.16.1.13;
       172.16.1.14;
};
 
view dianxin {
       match-clients{"dx";};
zone "." IN {
              type hint;
              file "named.ca";
};
#在此处进入命令模式,执行以下命令,将文件里的内容拷贝过来。
       r !cat /etc/named.rfc1912.zones
 
zone "localhost.localdomain" IN {
       typemaster;
       file"named.localhost";
       allow-update{ none; };
};
 
zone "localhost" IN {
       typemaster;
       file"named.localhost";
       allow-update{ none; };
};
 
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
       typemaster;
       file"named.loopback";
       allow-update{ none; };
};
 
zone "1.0.0.127.in-addr.arpa" IN {
       typemaster;
       file"named.loopback";
       allow-update{ none; };
};
 
zone "0.in-addr.arpa" IN {
       typemaster;
       file"named.empty";
       allow-update{ none; };
};
zone "larrywen.com" {
       typemaster;
       file"larrywen.com.zone.dx";
       allow-update{ none;};
};
};
 
view wangtong {
       match-clients{"wt";};
zone "." IN {
              type hint;
              file "named.ca";
};
 
zone "localhost.localdomain" IN {
       typemaster;
       file"named.localhost";
       allow-update{ none; };
};
 
zone "localhost" IN {
       typemaster;
       file"named.localhost";
       allow-update{ none; };
};
 
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
       typemaster;
       file"named.loopback";
       allow-update{ none; };
};
 
zone "1.0.0.127.in-addr.arpa" IN {
       typemaster;
       file"named.loopback";
       allow-update{ none; };
};
 
zone "0.in-addr.arpa" IN {
       typemaster;
       file"named.empty";
       allow-update{ none; };
};
zone "larrywen.com" {
       typemaster;
       file"larrywen.com.zone.wt";
       allow-update{ none;};
};
};
      
--第三步,拷贝并编辑larrywen.com.zone.dx文件
[root@serv01 named]# cp named.localhost larrywen.com.zone.dx-a
[root@serv01 named]# vimlarrywen.com.zone.dx
 [root@serv01 named]# catlarrywen.com.zone.dx
$TTL 1D
@    INSOA   dns.larrywen.com. root.larrywen.com.(
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.larrywen.com.
dns  IN    A     192.168.1.11
www      IN    A     192.168.1.88
      
--第四步,拷贝并编辑larrywen.com.zone.wt 文件
[root@serv01 named]# cp named.localhostlarrywen.com.zone.wt-a
[root@serv01 named]# vim larrywen.com.zone.wt
 [root@serv01 named]# cat larrywen.com.zone.wt
$TTL 1D
@    INSOA   dns.larrywen.com. root.larrywen.com.(
                                   0     ; serial
                                   1D   ; refresh
                                   1H   ; retry
                                   1W  ; expire
                                   3H)       ; minimum
       NS   dns.larrywen.com.
dns        IN    A     172.16.1.11
www      IN    A     172.16.1.88
--第五步,重启服务
[root@serv01 named]# /etc/init.d/namedrestart
Stopping named: .                                         [  OK  ]
Starting named:                                           [  OK  ]

serv02 测试

--第一步,配置IP
 [root@serv02 ~]# ifconfig eth0|grep"inet addr"
          inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0
--第二步,安装bind-utils工具
[root@serv02 ~]# yum install bind-utils-y
--第三步,配置DNS
[root@serv02 ~]# echo "nameserver192.168.1.11" > /etc/resolv.conf
--第四步,检测
[root@serv02 ~]# dig www.larrywen.com +short
192.168.1.88
 
 [root@serv02 ~]# ifconfig|grep -A 1 eth
eth0     Link encap:Ethernet  HWaddr00:0C:29:6A:EC:97 
         inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0

serv03测试

--第一步,配置IP
[root@serv03 ~]# ifconfig eth0|grep"inet addr"
          inet addr:192.168.1.13  Bcast:192.168.1.255  Mask:255.255.255.0
[root@serv03 ~]# ifconfig eth1|grep"inet addr"
          inet addr:172.16.1.12  Bcast:172.16.1.255  Mask:255.255.255.0
      
[root@serv03 ~]# ifconfig|grep -A 1 eth
eth0     Link encap:Ethernet  HWaddr00:0C:29:BD:08:05 
         inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0
--
eth1     Link encap:Ethernet  HWaddr00:0C:29:BD:08:0F 
         inet addr:172.16.1.12 Bcast:172.16.1.255 Mask:255.255.255.0
--第二步,安装bind-utils工具
[root@serv02 ~]# yum install bind-utils-y
--第三步,配置DNS
[root@serv03 ~]# echo "nameserver172.16.1.11" > /etc/resolv.conf
--第四步,检测
[root@serv03 ~]# dig www.larrywen.com +short
172.16.1.88

十二 /etc/named.conf:41: open: /etc/named.acl.dx: file not found解决

chroot:牢笼环境,即使软件存在漏洞,进程也被限制在该目录内,无法任意切换到真实的根目录

chroot:虚拟根目录

 

[root@serv01 etc]# ls -l /etc/named.conf/var/named/chroot/etc/named.conf -i
131137 -rw-r-----. 1 root named 2563 Aug 1219:37 /etc/named.conf
131137 -rw-r-----. 1 root named 2563 Aug 1219:37 /var/named/chroot/etc/named.conf
      
--第一步,写到配置文件(named.conf)中
[root@serv01 etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package toconfigure the ISC BIND named(8) DNS
// server as a caching only nameserver (as alocalhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ forexample named configuration files.
//
 
options {
       listen-onport 53 { any; };
       listen-on-v6port 53 { ::1; };
       directory    "/var/named";
       dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       allow-query     { any; };
       recursionyes;
 
       dnssec-enableyes;
       dnssec-validationyes;
       dnssec-lookasideauto;
 
       /*Path to ISC DLV key */
       bindkeys-file"/etc/named.iscdlv.key";
};
 
logging {
       channel default_debug {
                file"data/named.run";
                severity dynamic;
       };
};
 
#zone "." IN {
#     typehint;
#     file"named.ca";
#};
 
#include "/etc/named.rfc1912.zones";
include"/etc/named.acl.dx";
include"/etc/named.acl.wt";
 
view dianxin {
       match-clients{"dx";};
zone "." IN {
              type hint;
              file "named.ca";
};
      
zone "localhost.localdomain" IN {
       typemaster;
       file"named.localhost";
       allow-update{ none; };
};
 
zone "localhost" IN {
       typemaster;
       file"named.localhost";
       allow-update{ none; };
};
 
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
       typemaster;
       file"named.loopback";
       allow-update{ none; };
};
 
zone "1.0.0.127.in-addr.arpa" IN {
       typemaster;
       file"named.loopback";
       allow-update{ none; };
};
 
zone "0.in-addr.arpa" IN {
       typemaster;
       file"named.empty";
       allow-update{ none; };
};
zone "larrywen.com" {
       typemaster;
       file"larrywen.com.zone.dx";
       allow-update{ none;};
};
};
 
view wangtong {
       match-clients{"wt";};
zone "." IN {
              type hint;
              file "named.ca";
};
 
zone "localhost.localdomain" IN {
       typemaster;
       file"named.localhost";
       allow-update{ none; };
};
 
zone "localhost" IN {
       typemaster;
       file"named.localhost";
       allow-update{ none; };
};
 
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
       typemaster;
       file"named.loopback";
       allow-update{ none; };
};
 
zone "1.0.0.127.in-addr.arpa" IN {
       typemaster;
       file"named.loopback";
       allow-update{ none; };
};
 
zone "0.in-addr.arpa" IN {
       typemaster;
       file"named.empty";
       allow-update{ none; };
};
zone "larrywen.com" {
       typemaster;
       file"larrywen.com.zone.wt";
       allow-update{ none;};
};
};
      
--第二步,查看配置文件
[root@serv01 etc]# vim /etc/named.acl.dx
[root@serv01 etc]# cat /etc/named.acl.dx
acl dx {
       192.168.1.10;
       192.168.1.11;
       192.168.1.12;
       192.168.1.13;
       192.168.1.14;
};
[root@serv01 etc]# vim /etc/named.acl.wt
 
[root@serv01 etc]# cat /etc/named.acl.wt
acl wt {
       172.16.1.10;
       172.16.1.11;
       172.16.1.12;
       172.16.1.13;
       172.16.1.14;
};
 
--第三步,重启服务,发生错误
[root@serv01 etc]# /etc/init.d/namedrestart
Stopping named:                                            [  OK  ]
Starting named:
Error in named configuration:
/etc/named.conf:41: open: /etc/named.acl.dx:file not found
                                                          [FAILED]
--第四步,解决问题:named 运行在 chroot 环境中,include 的路径是在 /var/named/chroot 下解析的,因此要把 /etc 目录下的 named.acl.* 等 named 相关文件拷贝到 /var/named/chroot/etc/
[root@serv01 etc]# cd /var/named/
chroot/               dynamic/              larrywen.com.zone.wt  named.empty           named.loopback       
data/                 larrywen.com.zone.dx  named.ca              named.localhost       slaves/              
[root@serv01 etc]# cd /var/named/chroot/etc/
[root@serv01 etc]# ll
total 12
-rw-r--r--. 1 root root   389 Jul 23 00:57 localtime
drwxr-x---. 2 root named 4096 Mar 28  2011 named
drwxr-xr-x. 3 root root  4096 Aug 12 18:27 pki
[root@serv01 etc]# cp /etc/named* ./ -a
[root@serv01 etc]# ll
total 36
-rw-r--r--. 1 root root   389 Jul 23 00:57 localtime
drwxr-x---. 2 root named 4096 Mar 28  2011 named
-rw-r-----. 1 root named  123 Aug 12 19:49 named.acl.dx
-rw-r-----. 1 root named  118 Aug 12 19:50 named.acl.wt
-rw-r-----. 1 root named 2450 Aug 12 19:54named.conf
-rw-r--r--. 1 root named 2544 Mar 28  2011 named.iscdlv.key
-rw-r-----. 1 root named  931 Jun 21 2007 named.rfc1912.zones
-rw-r--r--. 1 root named  487 Mar 28 2011 named.root.key
drwxr-xr-x. 3 root root  4096 Aug 12 18:27 pki
[root@serv01 etc]# /etc/init.d/named restart
Stopping named:                                           [  OK  ]
Starting named:                                           [  OK  ]



  我的邮箱wgbno27@163.com
  新浪微博@Wentasy27         
  微信公众平台:JustOracle(微信号:justoracle)
  数据库技术交流群:336882565(加群时验证 From CSDN XXX)
  By Larry Wen


@Wentasy 博文仅供参考,欢迎大家来访。如有错误之处,希望批评指正。原创博文如需转载请注明出处,谢谢 :) [CSDN博客]